MLS Statements

These consist of a mandatory hierarchical sensitivity and optional non-hierarchical categories. The combination of the two comprises a level or security level, as shown in Table 1. Depending on the circumstances, there can be one level defined or a range, as also shown in Table 1.

Table 1: Level, Label, Category or Compartment - this table shows the meanings depending on the context being discussed.

Security Level (or Level)                    | also known as: Sensitivity Label
Consisting of a sensitivity and zero or more | Consisting of a classification and
category entries:                            | compartment.
    sensitivity [: category, ... ]           |
---------------------------------------------+---------------------------------------------
Range:  Low                                  | High
    sensitivity [: category, ... ]         - | sensitivity [: category, ... ]
---------------------------------------------+---------------------------------------------
For a process or subject this is the current | For a process or subject this is the
level or sensitivity                         | Clearance
For an object this is the current level or   | For an object this is the maximum range
sensitivity                                  | (for SELinux polyinstantiated directories)
---------------------------------------------+---------------------------------------------
SystemLow                                    | SystemHigh
This is the lowest level or classification   | This is the highest level or classification
for the system (for SELinux this is          | for the system (for SELinux this is
generally 's0', note that there are no       | generally 's15:c0.c255', although note that
categories).                                 | they will be the highest set by the policy).

Note that SELinux uses level, sensitivity and category in the language statements, however when discussing these the following terms can also be used: labels, classifications, and compartments.

To make the security levels more meaningful, it is possible to use the setransd daemon to translate these to human readable formats. The semanage(8) command will allow this mapping to be defined as discussed in the setrans.conf file section.

dominance

When more than one sensitivity statement is defined within a policy, a dominance statement is required to define the actual hierarchy between all sensitivities.

The statement definition is:

dominance { sensitivity_id ... }

Where:

dominance

The dominance keyword.

sensitivity_id

A space separated list of previously declared sensitivity or sensitivityalias identifiers in the order lowest to highest. They are enclosed in braces ({}), and note that there is no terminating semi-colon (;).

# The MLS Reference Policy default is to assign each Security
# Level with the complete set of categories (i.e. the inclusive
# set from c0 to c255):
level s0:c0.c255;
...
level s15:c0.c255;

range_transition

The range_transition statement is primarily used by the init process or administration commands to ensure processes run with their correct MLS range (for example init would run at SystemHigh and needs to initialise / run other processes at their correct MLS range). The statement was enhanced in Policy version 21 to accept other object classes.

The statement definition is (for pre-policy version 21):

range_transition source_type target_type new_range;

or (for policy version 21 and greater):

range_transition source_type target_type : class new_range;

Where:

range_transition

The range_transition keyword.

source_type

target_type

One or more source / target type or attribute identifiers. Multiple entries consist of a space separated list enclosed in braces ({}).

Entries can be excluded from the list by using the negative operator (-).

class

The optional object class keyword (this allows policy versions 21 and greater to specify a class other than the default of process).

new_range

The new MLS range for the object class. The format of this field is described in the MLS range Definition section.
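The following Python is an added worked example, not part of this document and not SELinux's own tooling. It parses levels and ranges written in the sensitivity [: category, ... ] notation of Table 1, applies a dominance ordering to check that the high level of a range dominates its low level (higher-or-equal sensitivity and a superset of categories), and parses a range_transition statement in both the pre-policy-version-21 form and the version 21 and greater form with an explicit class. The s0 to s15 dominance list, the c0 to c255 category limit and the type names init_t, sshd_exec_t and cron_exec_t are assumptions constructed for the example; it handles single source and target identifiers only, not brace lists or the negative operator.

```python
import re

# Sensitivities in dominance order, lowest to highest. Constructed for this
# example to mirror a "dominance { s0 s1 ... s15 }" statement and the s0..s15
# levels shown on the page; a real policy's order comes from its own statement.
DOMINANCE = [f"s{i}" for i in range(16)]
MAX_CATEGORY = 255  # c0 .. c255, as in the page's level statement examples


def parse_categories(spec):
    """Expand a category list such as 'c0.c255' or 'c1,c3,c7' into a set.

    'cA.cB' is the inclusive range A..B; a comma separates individual entries.
    """
    cats = set()
    if not spec:
        return cats
    for part in spec.split(","):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)
        if not m:
            raise ValueError(f"bad category entry: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if lo > hi or hi > MAX_CATEGORY:
            raise ValueError(f"category out of range: {part!r}")
        cats.update(range(lo, hi + 1))
    return cats


def parse_level(text):
    """'sensitivity[:category,...]' -> (sensitivity rank, category set)."""
    sens, _, cats = text.strip().partition(":")
    if sens not in DOMINANCE:
        raise ValueError(f"sensitivity not in dominance list: {sens!r}")
    return DOMINANCE.index(sens), parse_categories(cats)


def dominates(high, low):
    """High dominates low when its sensitivity is at least as high in the
    dominance order and its category set is a superset of low's."""
    return high[0] >= low[0] and high[1] >= low[1]


def parse_range(text):
    """'low - high' (or a single level, meaning low == high) -> (low, high).

    Enforces the Table 1 rule that the high level must dominate the low level.
    """
    parts = [p.strip() for p in text.split("-")]
    if len(parts) == 1:
        low = high = parse_level(parts[0])
    elif len(parts) == 2:
        low, high = parse_level(parts[0]), parse_level(parts[1])
    else:
        raise ValueError(f"bad range: {text!r}")
    if not dominates(high, low):
        raise ValueError(f"high level does not dominate low level: {text!r}")
    return low, high


def parse_range_transition(stmt):
    """Parse a range_transition statement with single source/target
    identifiers (brace lists and '-' exclusions are not handled here).

    Accepts both the pre-version-21 form (no class, which defaults to
    'process') and the version 21+ form 'target_type : class'.
    """
    body = stmt.strip()
    if not body.endswith(";"):
        raise ValueError("range_transition must end with ';'")
    tokens = body[:-1].split(maxsplit=2)
    if len(tokens) != 3 or tokens[0] != "range_transition":
        raise ValueError(f"not a range_transition statement: {stmt!r}")
    source, rest = tokens[1], tokens[2]
    m = re.fullmatch(r"(\w+)\s*(?::\s*(\w+))?\s+(.+)", rest)
    if not m:
        raise ValueError(f"cannot parse target/class/range: {rest!r}")
    target, cls, range_text = m.group(1), m.group(2) or "process", m.group(3)
    low, high = parse_range(range_text)
    return {"source": source, "target": target, "class": cls,
            "low": low, "high": high}


if __name__ == "__main__":
    # Constructed statements for demonstration, not taken from a real policy.
    for stmt in ("range_transition init_t sshd_exec_t:process s0 - s15:c0.c255;",
                 "range_transition init_t cron_exec_t s2:c1,c3;"):
        print(parse_range_transition(stmt))
```

The check in parse_range is the one a policy compiler applies to every range on the page: a range whose low level is not dominated by its high level (for example 's15:c0.c255 - s0') is rejected, and a single level is accepted as a range whose low and high are equal.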